[comp.protocols.kerberos] Questions about ksu

nero@eng.umd.edu (Oren L. Stern) (12/16/90)

Someone please correct me on ksu...

If you rlogin to a machine and then ksu, you are typing the password in the
clear over the network.  I'm told that the way around this is to ksu and
then rlogin.  However, to do this, you need to set up your pty's as secure
in /etc/ttytab.  I'm also told that this isn't the most secure way to set
up your system.  Is there no alternative, or have I just got my system
misconfigured?

Also, a question about the design of ksu.  Is there any reason that it doesn't
fork off a process to do a kdestroy when you leave the shell like login.krb
does?  Everyone here is having the hardest time remembering to kdestroy...

--
Oren Stern (nero@eng.umd.edu)	| "A boy without mischief is like a bowling ball
UUCP:  uunet!eng.umd.edu!nero  	|  without a liquid center" -- Homer Simpson

MAP@LCS.MIT.Edu (Michael A. Patton) (12/16/90)

In article <1990Dec15.173149.23150@eng.umd.edu> nero@eng.umd.edu (Oren L. Stern) writes:
   If you rlogin to a machine and then ksu, you are typing the password in the
   clear over the network.

Unless the initial rlogin is rlogin -x, in which case the connection is
encrypted.  Some sysmgr types around here do that as a matter of
course, so they never need to worry about passwords (but if you care
about security, you should stop every time you type your password and
think who is getting to look at it).

jon@MIT.EDU (Jon A. Rochlis) (12/17/90)

It's a question of tradeoffs.  If you think secure tty's are more of a
security problem than typed passwords over the net then don't use
them. 

Most people around here (I think) don't use ksu.  They have aliases
which switch to a separate ticket file, get root instance tickets with
kinit, and rlogin to any servers they need to manage.

		-- Jon
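The alias Jon describes (switch to a separate ticket file, kinit for the root instance, rlogin to the server), combined with the automatic kdestroy Oren asked about, written out as a Bourne shell function. This is an added example, not code from any of the posters or from the MIT Athena distribution. It assumes Kerberos v4 conventions of the period: the ticket file is selected with $KRBTKFILE and root-instance principals are named user.root (for Kerberos 5 the equivalents are $KRB5CCNAME and user/root); it assumes rlogin accepts -x for an encrypted connection as in Michael's reply; the directory variable KRB_ROOT_TKDIR and the function names are invented here.

```shell
#!/bin/sh
# Added example: a "root rlogin" wrapper in the style of the aliases Jon
# describes.  Not from the thread; KRB_ROOT_TKDIR and the function names
# are this example's own.  Assumes Kerberos v4 ($KRBTKFILE, user.root);
# for Kerberos 5 substitute KRB5CCNAME and user/root.

# Private directory for the throwaway root ticket files (assumption).
: "${KRB_ROOT_TKDIR:=$HOME/.krb}"

# v4-style root instance principal for the given user, e.g. alice.root.
krb_root_principal() {
    printf '%s.root\n' "$1"
}

# A ticket file that is separate from the user's normal tickets, so the
# root tickets never mix with (or clobber) $HOME's regular ticket file.
krb_root_tkfile() {
    printf '%s/tkt_%s.root.%s\n' "$KRB_ROOT_TKDIR" "$1" "$$"
}

# Usage: krb_root_rlogin user host [rlogin options...]
# Runs in a subshell so $KRBTKFILE and the trap do not leak into the
# caller's environment.  Returns rlogin's exit status; the root tickets
# are destroyed on every exit path, including rlogin failing or a ^C.
krb_root_rlogin() (
    set +e                      # we handle errors explicitly below
    _user=$1; _host=$2; shift 2
    mkdir -p "$KRB_ROOT_TKDIR" && chmod 0700 "$KRB_ROOT_TKDIR" || return 1

    KRBTKFILE=$(krb_root_tkfile "$_user"); export KRBTKFILE

    # Whatever happens from here on, throw the root tickets away.  This is
    # the kdestroy-on-exit behaviour Oren wanted from ksu.
    trap 'kdestroy >/dev/null 2>&1; rm -f "$KRBTKFILE"; exit 130' INT TERM HUP

    # Get root-instance tickets into the separate ticket file.
    kinit "$(krb_root_principal "$_user")" || { rm -f "$KRBTKFILE"; return 1; }

    # Encrypted rlogin (-x) so the session, not just the password, is
    # protected on the wire.  Whether the remote host admits alice.root as
    # root is decided by its own /.klogin, not by this script.
    rlogin -x -l root "$@" "$_host"
    _rc=$?

    kdestroy >/dev/null 2>&1
    rm -f "$KRBTKFILE"
    return $_rc
)
```

Source the file and call `krb_root_rlogin alice some-server` to use it; your ordinary tickets stay in your normal ticket file, and the root tickets exist only for the duration of the rlogin session. The one thing this does not change is Michael's point: the initial kinit still types a password into whatever terminal you are on, so do it from the console or from an rlogin -x session, not from a plaintext one.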